Java VM Privilege Elevation

Sun has revealed a vulnerability in the Java VM that allows an untrusted application or applet to elevate privileges and break out of the sandbox. For instance, it might grant itself permission to read and write local files or execute programs, all no-no's for untrusted Java code.

These versions of Java, in Windows, Linux and Solaris, are vulnerable:

JDK and JRE 6 Update 2 and earlier

JDK and JRE 5.0 Update 12 and earlier

SDK and JRE 1.4.2_15 and earlier

SDK and JRE 1.3.1_20 and earlier
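
A check a defender could run over collected `java -version` output to flag installs that fall in the ranges listed above. This is an added example, not code from Sun's advisory or from this article; it assumes the usual mapping of release names to version strings (JDK 6 Update 2 reports `1.6.0_02`, 5.0 Update 12 reports `1.5.0_12`), and the host names and sample lines are constructed.

```python
import re

# Last vulnerable build per release family, from the list above, stored as
# (micro, update). Assumption: release names map to `java -version` strings,
# e.g. "6 Update 2" -> 1.6.0_02 and "5.0 Update 12" -> 1.5.0_12.
LAST_VULNERABLE = {
    (1, 6): (0, 2),
    (1, 5): (0, 12),
    (1, 4): (2, 15),
    (1, 3): (1, 20),
}

# Matches the quoted version on the first line of `java -version` output.
VERSION_RE = re.compile(r'"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_version(line):
    """Return (major, minor, micro, update) or None if no version is found."""
    m = VERSION_RE.search(line)
    if not m:
        return None
    major, minor, micro, update = m.groups()
    return int(major), int(minor), int(micro), int(update or 0)


def classify(line):
    """Classify one `java -version` line against the listed ranges."""
    v = parse_version(line)
    if v is None:
        return "unparsed"
    limit = LAST_VULNERABLE.get(v[:2])
    if limit is None:
        return "not-listed"          # family is not mentioned in the list
    # Tuple comparison covers older micro releases too (1.4.1_x < 1.4.2_15).
    return "vulnerable" if v[2:] <= limit else "above-listed-range"


def audit(inventory):
    """Map host -> classification for a {host: version line} inventory."""
    return {host: classify(line) for host, line in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "build-01": 'java version "1.6.0_02"',
        "app-02": 'java version "1.5.0_13"',
        "legacy-03": 'java version "1.3.1_20"',
    }
    for host, status in sorted(audit(sample).items()):
        print(host, status)
```
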

New, fixed versions of Java may be downloaded at this page, but by this time Java may have already prompted you to download an update.

The last year seems to have brought us a lot of vulnerabilities in Java. Someone's doing research here.

Another interesting little tidbit from the advisory: Java SDK and JRE 1.3.1 have completed their "End of Life." With a few special exceptions, they are not supported. Serious bugs like this will not be fixed (and notice that 1.3.x is vulnerable), so you better upgrade already.